Mercurial Grabber.exe
Extracts stored passwords, cookies, and autofill data from popular browsers like Google Chrome, Opera, Brave, and Yandex.
The file is the compiled output of an open-source information stealer (infostealer) originally published on GitHub in 2021. While its creators claimed it was for "educational purposes," it has been widely adopted by threat actors to steal personal data from gamers and casual web users.
Never download software from unofficial sources, especially those that ask you to disable your antivirus before running.
Specifically targets Minecraft (launch profiles) and Roblox (.ROBLOSECURITY cookies) to hijack gaming sessions.
The stolen data is bundled and sent via an HTTP POST request to the attacker's Discord webhook.
The user runs the .exe. It may show a fake error message or a simple GUI to appear legitimate.
Includes basic anti-debugging and anti-VM (Virtual Machine) checks to detect if it is being run by a security researcher in a sandbox.
Some variants copy themselves to %APPDATA%\Local\Temp and add a registry key to ensure they run every time the computer reboots.
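A defender-side check for the exfiltration step described above, as an added example that is not part of the original page or of the stealer's code: it scans outbound request events for HTTP POSTs to Discord webhook endpoints and raises the severity when the sending process runs from a user-writable path such as Temp. The CSV column layout, the sample events and the function names are constructed assumptions.

```python
import csv
import io
import re
from urllib.parse import urlsplit

# Discord webhook endpoints: /api/webhooks/<id>/<token>, optionally versioned (/api/v10/...).
WEBHOOK_PATH = re.compile(r"^/api/(?:v\d+/)?webhooks/\d+/[\w-]+", re.ASCII)
DISCORD_HOSTS = ("discord.com", "discordapp.com")
# User-writable locations; the page notes that some variants copy themselves under Temp.
USER_WRITABLE = re.compile(r"\\(?:appdata|temp|downloads)\\", re.IGNORECASE)


def is_discord_webhook(url: str) -> bool:
    """True only for webhook paths on a Discord host or one of its subdomains."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    on_discord = any(host == d or host.endswith("." + d) for d in DISCORD_HOSTS)
    return on_discord and bool(WEBHOOK_PATH.match(parts.path))


def triage(log_text: str) -> list[dict]:
    """Return webhook POST events, tagged 'high' when sent from a user-writable path."""
    findings = []
    for row in csv.DictReader(io.StringIO(log_text)):
        if row["method"].upper() != "POST" or not is_discord_webhook(row["url"]):
            continue
        severity = "high" if USER_WRITABLE.search(row["image"]) else "medium"
        findings.append({**row, "severity": severity})
    return findings


# Constructed sample events (not real telemetry); the column layout is an assumption.
SAMPLE_LOG = r"""time,host,image,method,url
2024-01-01T10:00:00Z,PC-01,C:\Users\kim\AppData\Local\Temp\update.exe,POST,https://discord.com/api/webhooks/123456789012345678/EXAMPLE-TOKEN
2024-01-01T10:01:00Z,PC-02,C:\Program Files\Tool\notify.exe,POST,https://discordapp.com/api/v10/webhooks/1111/EXAMPLE_TOKEN
2024-01-01T10:02:00Z,PC-03,C:\Users\kim\AppData\Local\Discord\Discord.exe,POST,https://discord.com/api/v9/channels/1/messages
2024-01-01T10:03:00Z,PC-04,C:\Users\kim\Downloads\game.exe,GET,https://discord.com/api/webhooks/1/EXAMPLE
2024-01-01T10:04:00Z,PC-05,C:\Users\kim\AppData\Local\Temp\x.exe,POST,https://discord.com.evil.example/api/webhooks/1/EXAMPLE
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding["severity"], finding["host"], finding["image"])
```

Webhook posts from sanctioned automation will also match at "medium", so an allow-list of known integrations belongs in front of any alerting built on this heuristic.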